nanog mailing list archives
Re: Security gain from NAT (was: Re: Cool IPv6 Stuff)
From: Matthew Palmer <mpalmer () hezmatt org>
Date: Tue, 5 Jun 2007 09:57:19 +1000
On Mon, Jun 04, 2007 at 08:12:45PM +0100, Colm MacCarthaigh wrote:
The argument can go either way, you can spin it as a benefit for the network operator ("wow, user activity and problems are now more readily identifiable and trackable") or you can see it as an organisational privacy issue ("crap, now macrumors can tell that the CEO follows them obsessively").
Surely that second quote should be "crap, now macrumors can tell that one person in our office follows them obsessively"? Unless there's publically-available information that indicates that IP address is your CEO's (which is a whole other topic -- publically available rDNS for company-internal IPv6 ranges). Talking about HTTP traffic in particular, though, it's pretty likely that macrumors already knows that they've only got one person in your office following them obsessively already, using cookies. It's a rare CEO that knows to block most cookies (and clear out their cookie jar regularly).
NAT is still evil though, the problems it causes operationally are just plain not worth it.
Amen to that. - Matt -- I have always wished that my computer would be as easy to use as my telephone. My wish has come true. I no longer know how to use my telephone. -- Bjarne Stroustrup
Current thread:
- Re: Cool IPv6 Stuff, (continued)
- Re: Cool IPv6 Stuff Adrian Chadd (Jun 04)
- Re: Cool IPv6 Stuff Iljitsch van Beijnum (Jun 06)
- Re: Cool IPv6 Stuff Joel Jaeggli (Jun 04)
- Re: Cool IPv6 Stuff Owen DeLong (Jun 04)
- Security gain from NAT (was: Re: Cool IPv6 Stuff) Jim Shankland (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Joe Abley (Jun 04)
- Re: Security gain from NAT Sam Stickland (Jun 04)
- RE: Security gain from NAT Howard C. Berkowitz (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Owen DeLong (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Colm MacCarthaigh (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Donald Stahl (Jun 04)
- Re: Security gain from NAT Jason Lewis (Jun 04)
- Re: Security gain from NAT Daniel Senie (Jun 04)
- Re: Security gain from NAT Steven M. Bellovin (Jun 05)
- RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) David Schwartz (Jun 04)
- RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) Donald Stahl (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Owen DeLong (Jun 04)
- RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) David Schwartz (Jun 04)
- Re: Security gain from NAT (was: Re: Cool IPv6 Stuff) Matthew Palmer (Jun 04)
- RE: Security gain from NAT (was: Re: Cool IPv6 Stuff) David Schwartz (Jun 05)